|
From: | Eric S. Johansson |
Subject: | [Gnu-arch-users] Re: WebDAV |
Date: | Fri, 09 Apr 2004 14:00:37 -0400 |
User-agent: | Mozilla Thunderbird 0.5 (Windows/20040207) |
Dustin Sallings wrote:
I just don't get this at all. This is the configuration on my arch server (stock Mac OS X Apache):<IfModule mod_dav.c> DavLockDB /tmp/dav.lock Alias /arch /home/web/arch <Location /arch/> Dav On </Location> </IfModule> (I've also got a .htaccess in that directory for authentication).
OK, this looks fairly simple. In its raw form it's probably read/write without authentication from your comments about .htaccess. first question: how can we make it more failsafe to prevent unintended unrestricted write access? Second, what authentication systems can we use that aren't so fragile as HTTP basic authentication? Can we use digest? http://httpd.apache.org/docs/howto/auth.html#digest
it would be preferable if the webdav methods supported some form of cookie system. something that will support a stronger authentication technique: http://cookies.lcs.mit.edu/pubs/webauth:tr.pdf
permission variations that should be documented: read any read any write some read some write some (because if we don't, you know people will ask) ---eric
[Prev in Thread] | Current Thread | [Next in Thread] |